Windows 2003 has lots of auditing features built in. They can be enabled via GPO. SQL 2005 doesn’t have a whole lot of auditing that can be used. There are a couple of products out there which you can look out. Most people end up setting up a trace to monitor the users required then import that trace into a SQL Table for storage.